Microsoft probing SQL Server vulnerability

Microsoft is investigating reports of a flaw that could allow someone to remotely execute code on a system running certain versions of SQL Server.

"Microsoft is aware that exploit code has been published on the Internet for the vulnerability addressed by this advisory," the company wrote in a security advisory published on Monday. "Our investigation of this exploit code has verified that it does not affect systems that have had the workarounds listed below applied. Currently, Microsoft is not aware of active attacks that use this exploit code or of customer impact at this time."

Microsoft said that once it completes its investigation, it will "take the appropriate action to protect our customers," which could include issuing a security patch through a service pack, in the monthly security update, or via an out-of-cycle security update.

The vulnerability was disclosed December 4 by Bernhard Mueller of SEC Consult Vulnerability Lab.